Yes, the system is unix based. And i have tought about the file system
permitions (user group), and not sure that this can solve that. I belive in
some apache solution.
Fernando Wendt
-----Mensagem original-----
De: Paul Stephenson [mailto:PStephenson@ficgroup.com]
Enviada em: quinta-feira, 21 de fevereiro de 2002 17:17
Para: users@httpd.apache.org
Assunto: RE: Protect directory
If this is done on a linux or unix platform here is how I did it, and
everyone can tell me if it is not secure.
I run the apache as user=www and group=webgroup, therefore if I make every
user that will be hosting pages, I can set the UID of the the person's
folder to their UID, and I set the user's GID in the /etc/passwd file to
'webgroup', and then I do a chmod -R o-x on the user's directory.
So in summary here is what you have:
drwxr-x--- This means that only the folders user can read, write, and
execute, but the group that is running apache has permission to read and
execute. What this means is that multiple people can log onto your ftp
site, see that there are other sites around, but they can't even do an 'ls'
on any of the directories (except for the one they own).
The key thing here is making sure that you have the /etc/passwd file and
/etc/group and /path/to/httpd.conf (for the user and group that runs
apache).
Would appreciate any comments or if I am all fudged up.
Paul
-----Original Message-----
From: Fernando Reuter Wendt [mailto:fernando@admijui.unijui.tche.br]
Sent: Thursday, February 21, 2002 12:20 PM
To: apacheUsersList (E-mail)
Subject: Protect directory
Hi,
how can i protect a directory, to make impossible to users get, view or list
what´s inside it? Sample: if i have one directory called ssfiles, on the
htdocs root, what i must do to make it not accessible to users view when
link to http://www.site.com/ssfiles , and also redirect them to another
link, like the index one (http://www.site.com)?
Thank you,
+-------------------------
Fernando A. R. Wendt
Webmaster UNIJUÍ
http://www.unijui.tche.br
-------------------------+
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
permitions (user group), and not sure that this can solve that. I belive in
some apache solution.
Fernando Wendt
-----Mensagem original-----
De: Paul Stephenson [mailto:PStephenson@ficgroup.com]
Enviada em: quinta-feira, 21 de fevereiro de 2002 17:17
Para: users@httpd.apache.org
Assunto: RE: Protect directory
If this is done on a linux or unix platform here is how I did it, and
everyone can tell me if it is not secure.
I run the apache as user=www and group=webgroup, therefore if I make every
user that will be hosting pages, I can set the UID of the the person's
folder to their UID, and I set the user's GID in the /etc/passwd file to
'webgroup', and then I do a chmod -R o-x on the user's directory.
So in summary here is what you have:
drwxr-x--- This means that only the folders user can read, write, and
execute, but the group that is running apache has permission to read and
execute. What this means is that multiple people can log onto your ftp
site, see that there are other sites around, but they can't even do an 'ls'
on any of the directories (except for the one they own).
The key thing here is making sure that you have the /etc/passwd file and
/etc/group and /path/to/httpd.conf (for the user and group that runs
apache).
Would appreciate any comments or if I am all fudged up.
Paul
-----Original Message-----
From: Fernando Reuter Wendt [mailto:fernando@admijui.unijui.tche.br]
Sent: Thursday, February 21, 2002 12:20 PM
To: apacheUsersList (E-mail)
Subject: Protect directory
Hi,
how can i protect a directory, to make impossible to users get, view or list
what´s inside it? Sample: if i have one directory called ssfiles, on the
htdocs root, what i must do to make it not accessible to users view when
link to http://www.site.com/ssfiles , and also redirect them to another
link, like the index one (http://www.site.com)?
Thank you,
+-------------------------
Fernando A. R. Wendt
Webmaster UNIJUÍ
http://www.unijui.tche.br
-------------------------+
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org